Lapses in cyber threat detection and response let attackers in. Today’s update to the Cyber Assessment Framework, v4.0, reaffirms guidance to help organisations elevate and demonstrate the “appropriate level of cyber resilience” and protect their critical national infrastructure.
CAF v4.0 is one avenue through which the NCSC is supporting the government’s updates to the NIS Regulations through the Cyber Security and Resilience Bill, set to be introduced to Parliament this year.
Version 4.0 retains alignment with its core objectives and 14 principles, covering:
Governance, risk & supply chain risk management
Access control, system security, data protection, staff awareness
Detection: monitoring & threat hunting
Response: incident recovery planning and lessons learned
The enhancements are targeted at organisations delivering essential everyday services, helping them address threats using actor profiling and methodology under NIS/NIS 2 compliance requirements.
Organisations should view systems from the attacker’s perspective and model potential attack paths, build security by design, and advance supply chain security.
The framework offers outcome-based guidance: its Indicators of Good Practice give a scale of achievement against these objectives, which is used to assess an organisation’s level of cyber maturity.











